Microsoft Patch Alert: October’s been a nightmare

Deleted user files, looping blue screens, bad drivers, Edge mute, and at least one patch that didn’t: This month shows, more than ever, that you need to protect your machine from Microsoft’s bad patches. And for heaven’s sake, don’t click “Check for updates.”

This month’s bad patches made headlines. Lots of headlines. For good reason.

You have my sympathy if you clicked “Check for updates” and got all of the files in your Documents and Photos folders deleted. Even if you didn’t become a “seeker” (didn’t manually check for updates) your month may have been filled with blue screens, odd chicken-and-egg errors, and destroyed audio drivers — and Edge and your UWP (“Metro” Store) apps might have been kicked off the internet.

Worst Windows 10 rollout ever

Hard to believe that Windows 10 version rollouts could get any worse, but this month hit the bottom of a nearly bottomless barrel. Some folks who clicked “Check for updates” wound up with a brand spanking new copy of Win10 version 1809 — and all of the files in their \Documents, \Pictures, \Music, \Videos and other folders disappeared. I have a series of articles on that topic, arranged chronologically:

Now that we’re in October’s “C Week” — the week containing the third Tuesday of the month — version 1809 is back in beta testing, there are new patches for those who want to continue with 1809, Microsoft hasn’t come up with a fix for the deleted files, and a whole lot of people are in a whole lot of hurt.

Windows 7 Monthly Rollup patching sequence logic still screwed up

Microsoft vowed that it would fix the bizarre error where the patch installer isn’t smart enough to update itself prior to installing new patches. The primary symptom is an Error 0x8000FFF when installing the Monthly Rollup.

The Servicing Stack Update sequencing problem is so bad, it looks like Microsoft stopped pushing the Monthly Rollup at the end of “B Week.”

Metadata and patch dependency is totally screwed up on Windows 7 platform and because of that the October security updates detection are screwed up.

Bad driver #1 — HP keyboards

I still see reports that Microsoft pushed a buggy update to Win10 version 1809 that caused the WDF_VIOLATION blue screens that brought some systems to their knees. That’s not true. The blue screens are triggered by a bad HP keyboard driver, version 11.0.3.1, which was distributed via Windows Update to Win10 version 1803 and 1809 machines. The buggy driver causes blue screens on the latest builds of 1803 and 1809, although it’s unclear whether the driver triggers BSODs on earlier builds.

Microsoft released a “silver bullet” update that deletes the driver if it’s sitting in your PC’s queue waiting for reboot — which doesn’t do a whole lot of good, especially if you’re stuck in a BSOD loop.

Bad driver #2 — Intel audio

As if the pushed buggy HP keyboard driver weren’t enough, Microsoft also pushed a second bad driver. Some folks running Win10 1709, 1803 or 1809 with Automatic Update turned on discovered that after installing this month’s updates, the sound stopped working, with the message “No Audio Output Device Is Installed.”

Fer heaven’s sake. Why let Windows Update push its buggy drivers onto your machine? There’s a fairly straightforward procedure for telling Windows to stop pushing drivers along with its other dicey updates. At least, the steps are straightforward for those who own Win10 Pro or Education. Home users get to futz with a Registry setting.

Edge can’t find the internet

Speaking of weird Win10 version 1809 behavior... if you’re trying to run Edge (I know, I know) in Win10 version 1809, you may not be able to connect to the internet. UWP (“Metro” Store) apps might not be able to connect, either. This happens even if you have a working internet connection.

Some day this will all go away. The latest version of the dominant Chrome browser doesn’t have that IPv6 problem, and with newfound, fledgling support for Progressive Web Apps, we’re likely looking at the beginning of the end of UWP apps. I, for one, won’t miss them.

JET database patch doesn’t work

Trend Micro’s Zero Day Initiative found a bug in the Jet Database Engine — an ancient (early ‘90s) bug-ridden database precursor to today’s SQL Server. Microsoft didn’t fix it in the ZDI-allotted 120-day fix window, so they published full details. On Day 154, this month’s Patch Tuesday, Microsoft released a fix for what is now known as CVE-2018-8423.

0patch is in the business of providing short-term “micropatches” for bugs that Microsoft doesn’t fix. They initially published a micropatch when Microsoft missed the ZDI deadline. Now they’ve issued a re-patch for the still-unfixed CVE-2018-8423 bug.

I rarely recommend third-party fixes for Microsoft bugs because of the potential for problems. But when Microsoft can’t fix its own bugs, well, it gives me pause.

The bottom line

The past four months have shown, repeatedly, that you’d have to be crazy — or ignorant of the past — to continue applying Windows patches as soon as they’re released. July patching was an unmitigated disaster. After some initial missteps, August fared substantially better. September saw a bunch of “v2” patches that got yanked suddenly, but it all worked out in the end — if you waited long enough. Now October is back to the same-old same-old.

If you’re in charge of protecting state secrets, the pressure’s on to get the patches installed come hell or high water. But for most folks, there’s precious little reason to subject your machine to patching problems right away. That said, Susan Bradley’s Master PatchList remains relatively calm, if you take into consideration the problems explored in this article.

This month is the first month with an “E Week” — there are five Tuesdays in October. It’ll be the first “E Week” since Microsoft adopted the “A Week” / “B Week” bafflegab. With five Tuesdays now open to official attack, we may be entering a new stage of enlightenment.